The ftp command provides you with a way to retrieve files from remote machines that aren't set up to share file systems with yours. If your machine is running an FTP server, you might be able to use it to provide your files to the rest of the world as well. Contact your system administrator about this. Remember, this book covers only the using end of Unix, so anything that needs to be added to your Unix system must be requested.
To use the ftp command, simply enter the command as follows: ftp <ftp server>, where the FTP server is the IP address or hostname of a remote machine running an FTP server. If you've connected properly, you'll get a prompt for your credentials, which are your username and password. It should also be noted that FTP has the same inherent problems as telnet; the information is sent in clear text.
Some FTP servers enable you to connect without an account on the system. For these, use the username anonymous and give your email address as the password.
Let's see how to log in with ftp:
> ftp 10.1.1.1
> ftp pr1
Once connected to an FTP site, you can cd and ls your way around. Using the command get <filename> enables you to retrieve a file, and put <filename> enables you to send one from your directory to the remote system.
Can I Secure FTP? So, how can I secure FTP if it is also not secure? The answer is
simple. You can use Secure FTP, or SFTP for short. If you have ssh installed, you will
most likely have SFTP installed as it is usually part of the same client package. If you do
not have it, you can request it from your system administrator. Another program that you
could use is secure copy, or scp for short.
Summary
In this lesson, you were introduced to a sampling of tools that enable you to make use of the network resources around you and around the world. As you explore Unix, you'll find that this was really only a small sampling, and that there are new tools for you to use appearing constantly. Some will be replacements or upgrades for the commands outlined here, and others will be completely new. Don't be afraid to try them out. Here's a quick review of this lesson's key points:
• The telnet command can connect you to remote machines. If you have different accounts on different machines, you'll probably find yourself using it frequently.
• The ssh command can connect you to remote machines, securely. Ask your system administrator to set up ssh for you if you do not have it. This command should be used in lieu of telnet these days. It is just as easy to use, plus you get the added benefit of security.
• The rlogin command also connects you to remote machines, but is more useful than telnet if the machines you work on are configured to allow you to rlogin between them without giving a username or password.
• The slogin command provides security for remote connections. If you have it, use it. With people breaking into Unix machines daily, the network is becoming a very scary place. Using the secure connection provided by slogin protects your network traffic from prying eyes.
• The ftp command connects you with FTP servers, and enables you to transfer files around the world.
• The sftp command connects you with FTP servers, and enables you to securely transfer files around the world.
Lesson 19 Configuring Permissions in Unix
In this lesson, you will learn about how to configure and manage user permissions in Unix.
Wow, we have just worked through 18 lessons on how to configure Unix and we are still going strong. In the last part of this book, I will attempt to fill in some gaps in the material we just covered. For example, we talked about how the ls command, when used with the -l option, would provide a long listing of the files in your current directory. We briefly touched on how to read the output from the ls -l command and how it had shown the set of permissions associated with each file or directory. Now, in this lesson, we will learn more about those permissions and how to configure and manage them.
First let's discuss the importance of configuring permissions and why this is important to you, the Unix user. Unix file permissions may never be something you even work with, and they may not be something that you need to know to do your job. However, if you want to share files with other users on your system, you will need to know a little bit about the concept. Let's begin by breaking it down.
Unix File and Directory Permissions
Let's examine the output from the ls -l command. For example, type the following:
>ls -l
-rw-r--r-- 1 rob rob 2024 Dec 25 20:22 39 atest.tar
-rwxrwxr-x 5 rob rob 1024 Dec 25 20:22 atest2.tar
When considering files and directories, you have to understand the concept of ownership. Ownership is nothing more than noting who owns the file. Each file has information stored with it that identifies the account that owns it. From the example of ls -l, you can see that I am the owner of the two files in my current directory: atest.tar and atest2.tar. Files are owned by those who create them, although ownership can be transferred.
Each file on the Unix system also has a secondary piece of information stored that records the group ownership of the file.
What Is a Group? The definition of a group is not very complex, but the
application of it is. Groups are collections of users. By allowing a group to
share ownership of files, many people can work together on a project and
have their changes immediately available to other members of the group.
Creation of groups is a system administration task, so if you need a group
created for a project, talk to your system administrator.
Permissions, once applied, will control what a user (or group) can do to a file or directory. There are three basic actions, which are self-explanatory: read, write, and execute. We have already spent time covering what executables are earlier in the book. If you do not have the permissions such as read, write, or execute, then you will not be able to work with the files. It's really that simple.
• Read permissions control whether someone can view a file.
• Write allows or disallows changes to be made to a file.
• Execute permissions control whether a file can be run, or executed.
Directory Permissions Specifics
We just covered files, but what about the directories that hold the files? Permission rights for directories are slightly different than those of files. If a directory has execute permissions turned off, you cannot change into that directory (using the cd command), view its contents, or write to it. It is effectively turned off. If read permissions are turned off, you can still create files in the directory and read them, but you cannot get a listing of what is in the directory. Lastly, if the write permission for a directory is turned off, you can view a listing of the contents and read files, but you cannot create any new files.
Permission Levels
When permissions are applied to a file or directory, they are applied at three specific levels: owner, group, and world.
• The user (sometimes called owner) permissions simply control what permissions the file owner has.
• Group permissions determine what actions can be performed by members of the same group to which the file belongs. Your system administrator can create new groups, or add you as a member of a group.
• Other (sometimes called world) permissions are for a huge group that encompasses all the users on your computer. For example, email-related directories often assume other permissions.
If there is guest access to your computer, you can assume that any active other permissions apply to anyone who can access your computer.
Using ls -l
In this book, we have already spent a large amount of time using the ls command, so our coverage here will be at a minimum. In this example, we will use the -l option. If you run ls -l to list your directories, you can see the owner, group, and associated permissions for any file. Some versions of ls won't show you the owner and group simultaneously with this command. Usually, they list group and owner if you add the -g option, as in ls -lg.
For an example of using ls -l, type the following:
>ls -l
-rw-r--r-- 1 rob rob 2024 Dec 25 20:00 atest.tar
drwxrwxr-x 5 rob rob 1024 Dec 25 20:22 test
The information that we are most concerned with dissecting is the first, third, and fourth columns. The first column identifies the owner, group, and other permissions that are active for a file or directory. The first character is a d if the file type is a directory. In this example, I have a test directory I created with the mkdir command. Normally this is a - for a normal file, which you can see for my atest.tar file. The remainder of the characters, as you might guess, stand for read (r), write (w), and execute (x). The first three characters (following the initial - or d character) are the active owner permissions, the second three characters are the group permissions, and the last three are other permissions. It is important to memorize these settings, because this is how you know how secure your file or directory is. This tells you what the world can do to your files, such as change or delete them if the permissions are too generous. Moving on, we see the third column is the file owner, me. The fourth column is the group owner, which is again me. The rest of the information is simply the size of the file, the date of creation, the time, and the name of the file or directory.
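One way to check a whole directory tree for permissions that are too generous for "other", shown as an added example that is not from the book. The function names audit_world_writable and demo_audit and the scratch files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: list entries under a directory whose "other" (world)
# write bit is set, i.e. the eighth permission character in ls -l is w.

audit_world_writable() {
    dir=$1
    # -perm -0002 matches any entry with the other-write bit on, whatever
    # the remaining bits are. Symbolic links are skipped because their own
    # mode bits do not control access to the target.
    find "$dir" ! -type l -perm -0002 -print | sort
}

# Constructed demo: a scratch tree with one safe file and one file that
# any user on the system could change.
demo_audit() {
    scratch=$(mktemp -d) || return 1
    touch "$scratch/atest.tar" "$scratch/notes.txt"
    chmod 755 "$scratch"               # drwxr-xr-x  other cannot write
    chmod 644 "$scratch/atest.tar"     # -rw-r--r--  other can only read
    chmod 666 "$scratch/notes.txt"     # -rw-rw-rw-  other can change it
    audit_world_writable "$scratch"
    rm -rf "$scratch"
}

# Prints the path of notes.txt only.
demo_audit
```

Run audit_world_writable on your own home directory to see which of your files other users can modify.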
Using chmod
Now that you know what permissions are, you probably want to know how to change them,
because listing them can only get you so far. Listing them will help you to get a good grip on
what is there, but to make changes you need to take the next step, which is to use the chmod
command. There are two modes of operation that you can use with chmod: a quick-and-dirty
mode, and a more user-friendly way of setting permissions.
The user-friendly mode uses easy-to-remember commands to set or unset permissions. To use
this, do the following:
1. Pick a permission level. If you want to set permissions for the owner, the level is u. If you
want to change permissions for the group, it is g. For other permissions, choose o. Lastly,
if you want to affect all the levels of permissions (owner, group, and other), use a.
2. Choose an operation. Decide whether you want to set (turn on) or unset (turn off) a
particular level of permission. If you want to set a permission, the operation is +; if you
want to unset a permission, it is -.
3. Choose the permission itself. If you want to operate on the read permission, choose r, for
write choose w, and for execute choose x.
4. Issue the chmod command in this manner: chmod <permission
level><operation><permission> <filename> <filename>
Let's look at an example of chmod in action. It is important that you pay close attention to this
lesson and try to walk away with this knowledge if you are moving from end user to system
administrator. Not knowing how to set permissions will almost always ruin your chances for
advancement because you will not be able to do anything without knowing how to change
permissions.
The chmod command sets Unix file permissions exactly how you want them, so let's take a
look at how. First you need to be connected to your Unix system. Because you will not always
be on a local system, you may need to connect to a remote system, log in, change some
permissions, and then exit the session using telnet or ssh. Once in the shell prompt, you
need to execute a chmod command. Here are some examples of what you can do with the
chmod command:
> chmod 0755 script.sh
> chmod 755 script.sh
> chmod u=rwx,g=rx,o=rx script.sh
Let's look at a real example. To activate group write permissions for the script.sh file
shown here, type the following:
-rw------- 1 rob test 1662882 Dec 25 12:00 script.sh
>chmod g+w script.sh
To see if this worked, you can run ls -l on the filename as follows:
>ls -l script.sh
-rw--w---- 1 rob test 1662882 Dec 25 12:00 script.sh
Write permissions have been activated for the test group members. Because of its symbolic
nature, this method for adjusting file permissions might be easy for some; however, there is
another syntax that you might find more efficient and effective. In this example, you can set
the actual bit mask that is used to control a file's permissions. The bit mask would be the three
binary bits used to represent each level of permission. The three binary bits would be (in order
from left to right):
• 1st bit: (start from the left) controls read
• 2nd bit: controls write
• 3rd bit: controls execute
There, those are your three permissions, and now you can view our example here as binary
numbers translated to decimal:
100 - Read permission - The decimal equivalent of this binary value is 4.
010 - Write permission - The decimal value for write is 2.
001 - Execute permission - The decimal representation is 1.
So this is the layout, and you would need to understand the concepts of Boolean math a bit,
but if you don't, Table 19.1 will serve you well:
Table 19.1 Permission Bits
Bit Write
1st Bit Execute
To figure this out you need to know how binary numbers are converted to decimal. You need only to know how to convert the first three numbers. Moving from right to left, start to count from 1 and move up by the power of 2 each time, so you would have 1, 2, and then 4, correct? If that is the case, then you need to know that if you took the first bunch of three, 001, and counted from left to right saying that 0 is "off" and a 1 is "on," the first one, counted from right to left by 1, 2, and 4, would be 1. Now take the next example, 010. This one is two because the middle column in our example of 1, 2, 4 from the right to left would mean that 0 is off (so no 1), then 2 is on, then 4 is off. Get it now? How about the last one… 100
With this example, you can quickly figure out the decimal number you need to use; instead of setting permissions the other way, you can specify them as such.
Using this technique, you can easily set multiple permissions simultaneously. For example, it's easy to see that 110 is the combination of the read and write permissions. The decimal value of this binary string is 6 (4+2). I now have my setting for read and write permissions. To use this method of setting a file's permissions, you set permissions for owner, group, and other simultaneously. Each of these digits is the sum of the permissions that you want to set. The first digit is the owner, the second is the group, and the third is other.
For example, suppose that you want to set the owner to have full permissions, and the group and other to have read and execute permissions. Full permissions are achieved by adding all the permission values (4+2+1=7). Read and execute permissions are a combination of 4+1=5. The three numbers you'll use to set this are 7, 5, and 5, entered as a single three-digit number, 755. The syntax for this form of chmod is as follows: chmod <permissions> <filename> <filename>
For example, check out the following:
>chmod 755 script.sh
>ls -lg script.sh
-rwxr-xr-x 1 rob test 1663882 Dec 25 script.sh
As you might hope, the owner has full read, write, and execute permissions, whereas the group and other have read and execute permissions. As you become experienced, you'll probably find that this second method is the fastest way to set permissions. Just remember read (4), write (2), and execute (1), and you'll be fine.
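The read (4), write (2), execute (1) arithmetic described above, written out as an added example that is not from the book: it converts the permission characters printed by ls -l into the three-digit number chmod accepts, then confirms that the symbolic and numeric commands shown earlier leave script.sh with the same mode. The function names are assumptions, and only plain r, w, x and - characters are handled.

```shell
#!/bin/sh
# Added example: convert the ls -l permission characters to the numeric
# chmod form by summing read=4, write=2, execute=1 for each level.

triplet_to_digit() {
    t=$1
    d=0
    case $t in r??) d=$((d + 4)) ;; esac   # 100 -> read
    case $t in ?w?) d=$((d + 2)) ;; esac   # 010 -> write
    case $t in ??x) d=$((d + 1)) ;; esac   # 001 -> execute
    echo "$d"
}

sym_to_octal() {
    perms=$1
    # Accept the full first column (for example -rwxr-xr-x) by dropping
    # the leading file-type character.
    if [ "${#perms}" -eq 10 ]; then
        perms=${perms#?}
    fi
    # Anything other than nine plain r/w/x/- characters is rejected.
    case $perms in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported permission string: $1" >&2; return 1 ;;
    esac
    owner=${perms%??????}      # first three characters
    rest=${perms#???}
    group=${rest%???}          # middle three characters
    other=${perms#??????}      # last three characters
    echo "$(triplet_to_digit "$owner")$(triplet_to_digit "$group")$(triplet_to_digit "$other")"
}

# Read a file's current mode from the first column of ls -l.
mode_of() {
    sym_to_octal "$(ls -ld "$1" | cut -c1-10)"
}

# Constructed demo: apply the symbolic and the numeric form to a scratch
# script.sh, resetting to 600 in between, and report both resulting modes.
compare_chmod_forms() {
    scratch=$(mktemp -d) || return 1
    f=$scratch/script.sh
    : > "$f"
    chmod 600 "$f"
    chmod u=rwx,g=rx,o=rx "$f"
    symbolic=$(mode_of "$f")
    chmod 600 "$f"
    chmod 755 "$f"
    numeric=$(mode_of "$f")
    rm -rf "$scratch"
    echo "$symbolic $numeric"
}

# Prints: 755 755
compare_chmod_forms
```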
Changing Permissions Recursively. If you want to change the permissions of all the files
and directories within any directory, you can use the -R option with the chmod
command to recursively change everything within a directory.
This example performs recursive chmod for the directory:
> chmod -R 755 somedirectory
You should feel comfortable with changing permissions if you understood everything completely, and no fear if you didn't. This is why I harp on practice so much, to make sure that you will keep doing this until you can read permissions and their placement every time you run the ls -l command.
Now that you are familiar with all these difficult concepts, let's build on them to show you how to change a group setting.
Using chgrp
Although you can't change a file's owner, you can change the group that a file belongs to. You can do this with the chgrp command. chgrp is a Unix command used to change the group setting. The chgrp command stands for "change group." The chgrp command marks a file as being part of a different group. To do this, however, you must be a member of that group. Your Unix system administrator has the capability to create new groups and add users to these groups. If you have any questions about your own group membership(s), ask your administrator how your account was configured.
To use chgrp, follow these steps:
1. Choose the file or files you want to change.
2. Determine which group the file now belongs to.
3. Change the file's group using the following command: chgrp <new group> <filename> <filename>
For example, type the following:
>chgrp admins script.sh
>ls -lg script.sh
-rwxr-xr-x 1 rob admins 1463882 Dec 25 12:00
(output removed)
The script.sh file now belongs to the group admins. Members of the group have read and execute permissions for the file. The most obvious use for chgrp is if you are collaborating on a project. If you create a file that you want to share with many people, you'll need to change the group of the file to one that all the users belong to.
Be Careful with What You Change. Be careful when setting permissions. If you change
something too drastically, you can really get into trouble. Changing permissions can also
lock you out of something, so be careful using this lesson in a production environment if
you are just learning Unix. Consider what can happen, for the worse.
Summary
One more lesson to go! You have come a long way from just logging into Unix to now setting permissions on files and directories. You should be very proud to be a Unix user with some solid skills learned entirely from scratch. In our next lesson, we will wrap up the book with a few more high-end commands that you can experiment with and incorporate into your other lessons, such as scripting, for example.
In this lesson, you learned the purpose of permissions, owners, and groups, which is very important to know if you want to do more than just list data in a directory. Now you can read that list and understand who has access to what and how to set that access if needed. You now know how to do this not only by setting permissions as we did, but also by changing the group on the file or directory as well. You now understand what is necessary to enable other users to access your files and how to collaborate on projects using group permissions. You might want to take a few minutes to talk to your system administrator to find out how she has decided to manage groups. Also, you might want to request that groups be created that include other users with whom you want to share files.
Following is a look at some of the highlights from this lesson:
• Permissions: File permissions control who can access a file, and what level of access they have to a file. The three levels of permissions are read, write, and execute. These permissions can be applied to the owner, group, or other.
• chmod: The chmod command changes the permissions for a file or directory. There are two methods of operation: symbolic and numeric. They both accomplish the same thing, so use the one you feel comfortable with.
• chgrp: You can change the group that a file belongs to with the chgrp function. You can change the file only to a group that you belong to.
Lesson 20 Unix Privileged Commands
In this lesson, you'll take a look at some of the restricted commands that Unix system administrators use, and learn some of the other things you can do with your Unix system.
In this chapter we celebrate you not only reaching the end of the book (congratulations!) but also welcome you to the "power-user" ranks. If you have successfully navigated through this book and have been practicing so that you can recall all the commands and some of their options that we learned about, then you are ready for the next step.
The commands in this section are restricted commands that are mostly used by Unix system administrators. It doesn't hurt to know about them and how they work so that if you are interested, you can dig deeper into them and start on the path to being a Unix system administrator. If not, knowing these commands surely puts you at the advantage because knowledge is power. Just fill your brain with as much Unix as you can, and before long you will be typing commands quickly and know exactly what it is you are doing.
In this lesson, I open the doors to a few new concepts and hope that after this lesson is done, you are efficiently typing the learned commands and their proper options in the shell prompt with no problems. For those who may have forgotten about root, let's quickly discuss it.
Root Refresher
In this lesson, we discuss commands that are used only as root. So we are all on the same page here, let's go back over what root is. It is critically important you know root, and it does have two different meanings.
You Need to Be Root. In this lesson, you'll take a look at some of the restricted
commands that Unix system administrators use, and learn some of the other things you
can do with your Unix system. The commands in this lesson are restricted to being run
by the root user, but the information here will help you understand some of root's
concerns and help conversations with your system administrator to make a little more
sense. Because of the way that Unix works (with multiple users, multiple processes, and
files owned by potentially hundreds of people), there are certain commands that will
cause chaos if entrusted to normal users. These commands do things such as format
disks, reboot the system, and create or remove devices.
Root technically has two definitions in Unix. For one, it's the name of the login account given full and complete access to all system resources.
The root directory is another one, which is also used to describe the directory named /. This is the top-level drive to where all the rest of the Unix system branches off from.
Make sure you are logged in as the root (user account) so that you can work with any of the commands seen here. If you cannot log in as root at work, follow along and wait until you can set up a test lab at home so you can work on these root-level commands. Making mistakes with these commands is even more unforgiving than any other command we have learned so far. These could really cause serious issues to the system if not done correctly. You need to make sure you practice before doing these commands in a live setting.
Using the su Command. The su command creates a shell with the user ID of
another user.
sudo (pronounced soo-doo) simply stands for "SuperUser do." sudo is used to
allow any user to run some, if not all, root-level commands using that account.
Make sure you consider this and make it just as important as the root account,
because it's easy to see how quickly it can be exploited.
Single-User Mode
Single-user mode is a Unix system mode from bootup created for administrative and maintenance activities, a mode where the machine has no network resources and can only support a single user logged in. Single-user mode will absolutely demand complete control of the system. When the system is in this single-user mode, whoever is logged in becomes root. This is, however, a minimal system startup state, so don't fear, it is merely for diagnostics. If you do become interested in repairing a non-booting Unix system, or want to try to repair problems in your system, you may want to learn about this mode. Only the root partition is mounted, so only commands that reside in the root file system are available. As well, every Unix machine can be configured to boot into single-user mode.
Single-user mode can also be viewed as a maintenance mode that enables the root user to repair problems with the system without having to worry about other users changing things that they are working on. This is essentially what it is used for. If you have bootup problems, then ask your system administrator, and look yourself to see what is done.
With some versions of Unix, if a machine experiences a particularly hard crash, it might reboot itself into single-user mode automatically. This is why you may see it as a Unix end user; if you notice something different, then ask for help. The system may have suffered a hard crash and is now waiting for your help! Some versions of Unix and Linux will require you to give a root password before any commands can be entered, and others come up directly into a root shell; this varies by distribution and configuration. If you happen to crash a Unix machine and it comes up in single-user mode, it is better you do absolutely nothing and ask for help because the system is prepped for the experienced administrator, not the inexperienced end user. If the wrong things are entered, the system could become worse, or logging and troubleshooting data can be lost. Anything you do has the potential to make diagnosing the crash impossible; worse, it can have devastating effects on the system. At the same time, if you are at home in your lab, go to town. Look online or get more books on how to figure out how to operate this mode and try to simulate issues to get yourself comfortable with troubleshooting and entering the mode manually.
fsck
The fsck command (short for "file system check" or "file system consistency check") will start the Unix system utility to check the consistency of your file system. Every now and again you might hear a Unix system administrator talking about the need to fsck a hard drive because it is experiencing problems. Hard disks are like light bulbs: They are made to fail and actually have a MTBF (Mean Time Between Failure) associated with them. This just means that like a light bulb, their internal parts will eventually quit and cease to function due to nonstop use and/or damage.
The fsck command is Unix's disk fixer program, and it is used to clean up problems caused by crashes or errant pieces of software. Much like the tools used in Microsoft Windows systems (such as ScanDisk and defrag), you will eventually need to know this command if you are managing and maintaining a Unix system. Most Unix systems fsck their drives on bootup, and the expected result is an analysis report containing the number of files and the fragmentation level of the drive. If you're watching a Unix machine boot, do not be overly concerned if you see fsck report problems. Unix automatically attempts to fix them.
In most cases, fsck will be successful at the repair and fix. After using fsck on the drives, the system restarts the reboot process, which should then bring you to the login prompt. If the drives have serious problems, the automatic fsck exits with the following error message: Run fsck by hand
Here is what the whole message would look like on some distros of Unix or Linux:
checking root filesystems parallelizing fsck version 1.04 [/sbin/fsck.ext2] fsck.ext2 -a /dev/sda1 /dev/sda1 contains a file system with errors check forced Block 23454345665 of inode 143234 > Blocks (10234234) /dev/sda1: UNEXPECTED INCONSISTENCY; Run fsck manually an error occurred during the file system check Dropping you to a shell; the system will reboot when you leave the shell
If it does, please don't touch anything, and go find a system administrator for help. If you are running this in your lab, then this is also tied to what we just learned; you may be booting in single-user mode and need to run fsck.
If you have a crash after booting, you should run fsck from a boot disk, which may be the same ones you used to install Unix or Linux in your lab. In this example, you can run fsck /dev/sda1 (the partition that is showing the errors) and fsck will attempt the fix. fsck will prompt you to find and fix each error so you can see what it is. Again, this is only something you should do in a lab, or as an experienced user.
shutdown/reboot
There may be a time where you need to shut down your Unix system or reboot it. Although I can vouch from many years of experience that you will reboot Unix or Linux far less than Microsoft Windows, you may still need to shut down your system or reboot it. Unix boots differently than Microsoft Windows. Most Windows operating systems will boot up as a complete unit. In Unix, the kernel loads, and then anything else is loaded around it for use. Unix uses dozens of programs to form what appears to be a huge operating system, when in reality it's all loaded separately as single programs.
Each of these programs might be in the process of modifying, moving, creating, or deleting files at any point in time and cannot be interrupted. If you simply shut off the power to a Unix machine, you interrupt all these processes, and probably destroy any files they were working on at the time. This happens often, and is another